Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/BJF6TJZQqzIy57DcfQt1xCSE1IQ.roa
File:                     BJF6TJZQqzIy57DcfQt1xCSE1IQ.roa (raw, json)
Hash identifier:          mJT2VehClN17toqU0hWvuXmTGdrDAEWOTXTtFLk1Ozk=
Subject key identifier:   04:91:7A:4C:96:50:AB:32:32:E7:B0:DC:7D:0B:75:C4:24:84:D4:84
Certificate issuer:       /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial:       0198806D8CA7ABCBA1F7AF3F6C81B4AD850B
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/BJF6TJZQqzIy57DcfQt1xCSE1IQ.roa
Signing time:             Wed 06 Aug 2025 17:28:39 +0000
ROA not before:           Wed 06 Aug 2025 17:28:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206174
IP address blocks:        2a11:1483::/32 maxlen: 32
                          2a11:6302::/32 maxlen: 32
                          2a11:9384::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 16:13:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:80:6d:8c:a7:ab:cb:a1:f7:af:3f:6c:81:b4:ad:85:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
        Validity
            Not Before: Aug  6 17:28:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=04917a4c9650ab3232e7b0dc7d0b75c42484d484
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:9f:7c:58:21:c1:a1:95:c5:4b:65:6c:1a:bd:
                    0a:31:e3:ed:8d:54:2e:13:73:6c:a3:03:6b:8b:b5:
                    6b:f6:78:21:d5:7c:69:15:06:cd:9f:ac:1c:70:3b:
                    be:b9:21:f9:9d:72:1d:a9:41:0c:7e:f5:05:35:49:
                    e1:6d:78:13:08:e6:91:3d:23:e7:63:37:a9:8b:14:
                    34:c6:db:b3:aa:38:38:6d:71:a1:46:b8:3d:d6:fd:
                    55:61:50:03:a3:6b:00:c3:e4:c6:7b:fc:5e:be:18:
                    68:50:59:e7:b6:7c:b4:d7:31:e5:f5:7f:b0:96:c5:
                    0c:d4:15:62:cc:31:b3:29:39:12:56:86:c4:96:a8:
                    84:de:81:6b:4a:f4:55:95:25:47:df:6b:30:89:e0:
                    02:4d:08:f0:e3:4c:1b:e9:17:d2:54:17:47:37:0f:
                    bc:e4:cc:a7:94:20:69:51:fc:e9:5c:5e:cd:d5:98:
                    6b:7a:39:50:d6:ab:66:49:b2:3c:df:e6:81:d6:46:
                    a1:da:4a:82:e0:08:c1:14:a3:84:f9:e0:a4:48:3c:
                    1b:c5:83:f3:00:e2:78:43:43:3f:8b:02:5e:7a:d6:
                    10:29:35:45:06:71:be:a6:a1:3c:06:a7:fe:d8:ad:
                    c5:5e:ba:23:26:55:b9:c8:e7:92:f5:d2:1f:05:de:
                    b8:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:91:7A:4C:96:50:AB:32:32:E7:B0:DC:7D:0B:75:C4:24:84:D4:84
            X509v3 Authority Key Identifier:
                keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/BJF6TJZQqzIy57DcfQt1xCSE1IQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:1483::/32
                  2a11:6302::/32
                  2a11:9384::/32

    Signature Algorithm: sha256WithRSAEncryption
         8e:cd:28:2a:6a:b9:7a:03:6d:d7:0a:1f:a6:17:66:84:60:07:
         99:63:20:54:26:46:30:db:f1:b1:06:51:5d:a6:77:b0:20:95:
         3d:51:7b:f4:e0:1b:1d:9b:89:13:08:fb:8c:e6:9b:58:00:39:
         80:c0:b5:5f:4e:e8:43:cb:1f:30:a7:9c:0d:bd:9d:a0:92:1e:
         14:9e:ab:fa:01:3c:9d:13:15:2b:74:15:b4:76:73:39:bb:5c:
         1d:f4:77:4c:0f:76:b1:92:53:f8:7d:49:16:3b:d1:43:67:27:
         e8:1f:cc:5e:e0:1a:e2:38:28:2c:6c:3f:a3:0d:24:24:4a:2c:
         07:b8:53:7a:f3:b0:0b:c7:35:d1:e1:01:2b:4f:10:9d:50:e3:
         a8:ca:de:6f:35:48:65:80:96:c0:ea:a5:4a:f1:55:08:ea:f4:
         d1:48:1d:0a:40:09:3b:63:61:df:e3:d9:56:e6:da:9f:aa:60:
         43:14:6a:7e:8b:ad:19:f8:07:0e:50:ae:09:b8:62:86:a2:48:
         fc:35:c4:07:70:5e:95:6a:28:65:91:75:6a:3e:6b:6b:0b:08:
         7f:0f:68:b5:34:db:f3:9b:c9:87:3d:f6:d7:2e:8d:9f:5e:18:
         9c:e7:3b:0d:b5:d5:0a:bd:86:7a:5d:7d:25:55:0c:51:44:77:
         63:95:8a:7c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZiAbYynq8uh968/bIG0rYULMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjUwODA2MTcyODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDkxN2E0Yzk2NTBhYjMyMzJlN2IwZGM3ZDBiNzVjNDI0ODRkNDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4598WCHBoZXFS2VsGr0KMePtjVQu
E3NsowNri7Vr9ngh1XxpFQbNn6wccDu+uSH5nXIdqUEMfvUFNUnhbXgTCOaRPSPn
YzepixQ0xtuzqjg4bXGhRrg91v1VYVADo2sAw+TGe/xevhhoUFnntny01zHl9X+w
lsUM1BVizDGzKTkSVobElqiE3oFrSvRVlSVH32swieACTQjw40wb6RfSVBdHNw+8
5MynlCBpUfzpXF7N1ZhrejlQ1qtmSbI83+aB1kah2kqC4AjBFKOE+eCkSDwbxYPz
AOJ4Q0M/iwJeetYQKTVFBnG+pqE8Bqf+2K3FXrojJlW5yOeS9dIfBd64swIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFASRekyWUKsyMuew3H0LdcQkhNSEMB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvQkpGNlRKWlFxekl5NTdEY2ZRdDF4Q1NFMUlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKhEUgwMF
ACoRYwIDBQAqEZOEMA0GCSqGSIb3DQEBCwUAA4IBAQCOzSgqarl6A23XCh+mF2aE
YAeZYyBUJkYw2/GxBlFdpnewIJU9UXv04Bsdm4kTCPuM5ptYADmAwLVfTuhDyx8w
p5wNvZ2gkh4Unqv6ATydExUrdBW0dnM5u1wd9HdMD3axklP4fUkWO9FDZyfoH8xe
4BriOCgsbD+jDSQkSiwHuFN687ALxzXR4QErTxCdUOOoyt5vNUhlgJbA6qVK8VUI
6vTRSB0KQAk7Y2Hf49lW5tqfqmBDFGp+i60Z+AcOUK4JuGKGokj8NcQHcF6Vaihl
kXVqPmtrCwh/D2i1NNvzm8mHPfbXLo2fXhic5zsNtdUKvYZ6XX0lVQxRRHdjlYp8
-----END CERTIFICATE-----